Malwarebytes Anti-Malware www.malwarebytes.org Date de l'analyse: 07/04/2016 Heure de l'analyse: 20:54 Fichier journal: mbam.txt Administrateur: Oui Version: 2.2.1.1043 Base de données de programmes malveillants: v2016.04.07.05 Base de données de rootkits: v2016.04.03.01 Licence: Essai Protection contre les programmes malveillants: Activé Protection contre les sites Web malveillants: Activé Autoprotection: Désactivé Système d'exploitation: Windows 8.1 Processeur: x64 Système de fichiers: NTFS Utilisateur: Matthieu Type d'analyse: Analyse des menaces Résultat: Terminé Objets analysés: 388939 Temps écoulé: 5 min, 23 s Mémoire: Activé Démarrage: Activé Système de fichiers: Activé Archives: Activé Rootkits: Désactivé Heuristique: Activé PUP: Activé PUM: Activé Processus: 0 (Aucun élément malveillant détecté) Modules: 2 PUP.Optional.PriceFountain, C:\Users\Matthieu\AppData\Local\HugeResistless\MyKabukis.dll, Supprimer au redémarrage, [0cf53478732635010fb796673ec38b75], PUP.Optional.PriceFountain, C:\Users\Matthieu\AppData\Local\HugeResistless\MyKabukis.dll, Supprimer au redémarrage, [0cf53478732635010fb796673ec38b75], Clés du Registre: 10 PUP.Optional.UpdateProc, HKU\S-1-5-21-3481392742-3860446280-2988093705-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PriceFountainUpdateVer, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, En quarantaine, [c43dd0dce9b05dd918dd9db2fe064bb5], PUP.Optional.PCSpeedupPro, HKLM\SOFTWARE\pcspeeduppro.net, En quarantaine, [f011eebe5a3fc67099e49ef944c0867a], PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [af52901c4f4a9f9734701f684bb95fa1], PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78CC5723-7E5D-4506-9FA1-72534540555F}, Supprimer au redémarrage, [d72a0d9f40597bbbc9b1e6440003936d], PUP.Optional.PriceFountain, 
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D4172532-2D03-490D-B336-A295EBBF122C}, Supprimer au redémarrage, [cc357d2fdebb63d312b1c1d423e1f30d], PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PriceFountainUpdateVer, Supprimer au redémarrage, [ba4777351f7af145df9ce545d72c45bb], PUP.Optional.InstallCore, HKU\S-1-5-21-3481392742-3860446280-2988093705-1001\SOFTWARE\ICSW1.18, En quarantaine, [2ad7ac001c7d69cd4853ce55d430f709], PUP.Optional.PCSpeedupPro, HKU\S-1-5-21-3481392742-3860446280-2988093705-1001\SOFTWARE\pcspeeduppro.net, En quarantaine, [6a97f2bad5c4f04643383e597d87ba46], PUP.Optional.WinYahoo, HKU\S-1-5-21-3481392742-3860446280-2988093705-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [ef12e2cad2c7a096269d909b0af9768a],
Valeurs du Registre: 6 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En quarantaine, [af52901c4f4a9f9734701f684bb95fa1] PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, En quarantaine, [b051e2ca4f4ac76faef6483f8b793dc3] PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78CC5723-7E5D-4506-9FA1-72534540555F}|Path, \PriceFountainUpdateVer, Supprimer au redémarrage, [d72a0d9f40597bbbc9b1e6440003936d] PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D4172532-2D03-490D-B336-A295EBBF122C}|Path, \MatthieuHugeResistlessV2, Supprimer au redémarrage, [cc357d2fdebb63d312b1c1d423e1f30d] PUP.Optional.WinYahoo, HKU\S-1-5-21-3481392742-3860446280-2988093705-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En quarantaine, [ef12e2cad2c7a096269d909b0af9768a] PUP.Optional.WinYahoo, HKU\S-1-5-21-3481392742-3860446280-2988093705-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, En quarantaine, [748d624a6336989e9e25b57640c3827e]
Données du Registre: 3 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Bon : (www.google.com), Remplacé, [f809c5e7237684b22160d25ea85d867a] PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Bon : (www.google.com), Remplacé, [58a9f6b64e4b1c1acab7f53b92739f61] Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Bon : 
(8.8.8.8), Mauvais : (82.163.143.171 82.163.142.173),Remplacé,[03fe8725e4b5cd696b426ac69a6bff01] Dossiers: 12 PUP.Optional.UpdateProc, C:\Users\Matthieu\AppData\Roaming\PriceFountainUpdateVer\UpdateProc, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.UpdateProc, C:\Users\Matthieu\AppData\Roaming\PriceFountainUpdateVer, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\x64, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\x86, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.PCSpeedupPro, C:\ProgramData\pcspeeduppro.net, En quarantaine, [6f92d1db3e5b0d29ccc031f54db66b95], PUP.Optional.PCSpeedupPro, C:\ProgramData\pcspeeduppro.net\PC-Speedup-Pro, En quarantaine, [6f92d1db3e5b0d29ccc031f54db66b95], PUP.Optional.PCSpeedupPro, C:\ProgramData\pcspeeduppro.net\PC-Speedup-Pro\updates, En quarantaine, [6f92d1db3e5b0d29ccc031f54db66b95], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net, En quarantaine, [946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net\PC-Speedup-Pro, En quarantaine, [946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net\PC-Speedup-Pro\smico, En quarantaine, [946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless, Supprimer au redémarrage, [ae530aa2524710263d951149d92c19e7], Fichiers: 42 PUP.Optional.PriceFountain, C:\Users\Matthieu\AppData\Local\HugeResistless\MyKabukis.dll, Supprimer au redémarrage, [0cf53478732635010fb796673ec38b75], PUP.Optional.PriceFountain, C:\Users\Matthieu\AppData\Local\Temp\MyKabukis.dll, 
En quarantaine, [5ca504a85f3a30067f47827b847d6f91], PUP.Optional.PriceFountain, C:\Windows\System32\Tasks\PriceFountainUpdateVer, En quarantaine, [1fe21e8edfbae4521b5d52d8d132d62a], PUP.Optional.PriceFountain, C:\Windows\Tasks\PriceFountainUpdateVer.job, En quarantaine, [d62ba309eaafec4aaecb5eccd52eee12], PUP.Optional.UpdateProc, C:\Users\Matthieu\AppData\Roaming\PriceFountainUpdateVer\UpdateProc\bkup.dat, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.UpdateProc, C:\Users\Matthieu\AppData\Roaming\PriceFountainUpdateVer\UpdateProc\config.dat, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.UpdateProc, C:\Users\Matthieu\AppData\Roaming\PriceFountainUpdateVer\UpdateProc\info.dat, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.UpdateProc, C:\Users\Matthieu\AppData\Roaming\PriceFountainUpdateVer\UpdateProc\UpdateTask.exe, En quarantaine, [13ee0e9e544532044b374af84eb6ec14], PUP.Optional.PriceFountain, C:\Windows\System32\Tasks\MatthieuHugeResistlessV2, En quarantaine, [9071b6f63960f3433b509aee31d35ea2], PUP.Optional.eShopComp, C:\Users\Matthieu\AppData\Local\Chromium\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Supprimer au redémarrage, [917003a90b8e39fd70789af237cd42be], PUP.Optional.eShopComp, C:\Users\Matthieu\AppData\Local\Chromium\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Supprimer au redémarrage, [af52f8b47b1e6fc72fb9d4b81ee645bb], PUP.Optional.UTop, C:\Users\Matthieu\AppData\Local\Chromium\User Data\Default\Local Storage\http_utop.it_0.localstorage, Supprimer au redémarrage, [f20f208c66338fa7dc110e7eae562fd1], PUP.Optional.UTop, C:\Users\Matthieu\AppData\Local\Chromium\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Supprimer au redémarrage, [8978dbd14653979fbc314448d72d768a], PUP.Optional.CrossRider, C:\Users\Matthieu\AppData\Local\Chromium\User Data\Default\Local 
Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Supprimer au redémarrage, [679a901c3168a2946decb4dbe81c07f9], PUP.Optional.CrossRider, C:\Users\Matthieu\AppData\Local\Chromium\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Supprimer au redémarrage, [a35e515b3e5b4ee8b8a1731c788c8977], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\wfo.exe.config, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\langswfo.db, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\System.Data.SQLite.DLL, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\wfo.exe, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\x64\SQLite.Interop.dll, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.WindowsFileOpener, C:\Users\Matthieu\AppData\Roaming\FileOpenerWindows\x86\SQLite.Interop.dll, En quarantaine, [26dbd5d7badfd16587cabadd63a1a759], PUP.Optional.PCSpeedupPro, C:\ProgramData\pcspeeduppro.net\PC-Speedup-Pro\pcsp.db, En quarantaine, [6f92d1db3e5b0d29ccc031f54db66b95], PUP.Optional.PCSpeedupPro, C:\ProgramData\pcspeeduppro.net\PC-Speedup-Pro\pcspstartrepair_en.mp3, En quarantaine, [6f92d1db3e5b0d29ccc031f54db66b95], PUP.Optional.PCSpeedupPro, C:\ProgramData\pcspeeduppro.net\PC-Speedup-Pro\voice.ini, En quarantaine, [6f92d1db3e5b0d29ccc031f54db66b95], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net\PC-Speedup-Pro\Errorlog.txt, En quarantaine, [946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net\PC-Speedup-Pro\exlist.bin, En quarantaine, 
[946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net\PC-Speedup-Pro\notifier.xml, En quarantaine, [946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PCSpeedupPro, C:\Users\Matthieu\AppData\Roaming\pcspeeduppro.net\PC-Speedup-Pro\update.xml, En quarantaine, [946d713bb7e2aa8c97f5a086ff0456aa], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\Rkey.dat, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\amazon.fr .lnk, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\amazon.fr.ico, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\amazon.fr.lnk, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\amazon.fr.smenu.URL, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\amazon.fr.tbar.URL, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\BiologicsMoires.dat, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\Booking .lnk, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\Booking.ico, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\Booking.lnk, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\Booking.smenu.URL, En quarantaine, [ae530aa2524710263d951149d92c19e7], 
PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\Booking.tbar.URL, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.PriceFountain.Gen, C:\Users\Matthieu\AppData\Local\HugeResistless\uninst.exe, En quarantaine, [ae530aa2524710263d951149d92c19e7], PUP.Optional.Amonetize, C:\Users\Matthieu\AppData\Local\Temp\aff.conf, En quarantaine, [0ff20e9ea9f09b9befa1c3988085649c], Secteurs physiques: 0 (Aucun élément malveillant détecté) (end)